Critical Vulnerability in Siemens Spectrum Power (CVE-2019-6579) Patched in Monthly Advisory
April 10, 2019Siemens Security Advisory Day (SAD) for April 2019 addresses a variety of vulnerabilities, including a critical vulnerability in Siemens Spectrum Power. Background On April 9, Siemens published its ...
CVE-2019-0211: Proof of Concept for Apache Root Privilege Escalation Vulnerability Published
April 8, 2019Researcher publishes proof of concept (PoC) for local root privilege escalation bug patched by Apache last week. Background Last week, Apache published a security update to address six vulnerabiliti...
Cisco Fixes Incomplete Patch for RV320 and RV325 Routers, Including Two New Bugs (CVE-2019-1827, CVE-2019-1828)
April 4, 2019Cisco finalizes patch for RV320 and RV325 after researchers determined a previous patch was incomplete. Background On April 4, Cisco published updated advisories to address two vulnerabilities in it...
Magento Security Updates Fix Over 30 Bugs Including an Unauthenticated Remote Code Execution Vulnerability (PRODSECBUG-2198)
March 28, 2019Magento Commerce and Open Source advisory provides fixes for RCE, XSS, SQLi, and XSRF vulnerabilities. Background Magento has released a security advisory for 30+ vulnerabilities, including an ...
Multiple Remote Code Execution Vulnerabilities Found in Grandstream Devices
March 26, 2019Multiple security vulnerabilities found in Grandstream devices’ web interfaces include remote code execution and user credentials stored in plaintext. Background According to Threatpost, a number of...
Easy WP SMTP WordPress Plugin Exploited In The Wild
March 21, 2019Popular WordPress plugin vulnerable to unauthenticated attacks continues to be targeted despite the availability of a patch. Background On March 17, researchers at Ninja Technologies Network (NinTec...
Cisco March Advisory Addresses Multiple Vulnerabilities in FXOS and NX-OS
March 7, 2019Cisco released security advisories for multiple vulnerabilities including CVE-2019-1614, an authenticated RCE vulnerability affecting many Cisco switches running NX-OS. Background On March 6th, Cisc...
Use-After-Free Vulnerability in Google Chrome Exploited In The Wild (CVE-2019-5786)
March 6, 2019Google Chrome 72.0.3626.121 was released to address CVE-2019-5786. The company’s Clement Lecigne reports the vulnerability was exploited in the wild together with a Microsoft Windows privilege escalat...
Adobe Issues Out-of-Band Security Bulletin for Critical ColdFusion Vulnerability (CVE-2019-7816)
March 1, 2019Adobe Security Bulletin APSB19-14 addresses a file upload restriction bypass vulnerability that has been exploited in the wild. Background On March 1, Adobe published APSB19-14, an out-of-band secur...
Management Interfaces in Three Models of Cisco Networking Devices Are Vulnerable to RCE Attacks
February 27, 2019New vulnerability (CVE-2019-1663) in Cisco RV110W, RV130W, and RV215W devices allows for RCE attacks from malicious HTTP requests. Background Cisco has released a security advisory for CVE-2019...
WinRAR Absolute Path Traversal Vulnerability Leads to Remote Code Execution (CVE-2018-20250)
February 25, 2019A 19-year-old vulnerability in WinRAR’s ACE file format support (CVE-2018-20250) has been identified as part of an attack in the wild. Background On February 20, researchers at Check Point Research ...
Highly Critical Drupal Security Advisory Released (SA-CORE-2019-003)
February 20, 2019Drupal has released a security advisory to address a critical remote code execution vulnerability (CVE-2019-6340). Background On February 20, Drupal released a security advisory (SA-CORE-2019-003) f...